75. A method of authenticating a remote party and
establishing a cryptographic key for secure communications via
an insecure communication channel, said method including the
steps of:

generating a random number x, computing g^x modulo p, where
g and p are numbers, deriving a key k_A from g^x modulo p,
encrypting said first challenge signal with k_A and a symmetric
key cryptosystem, and sending a first ciphertext to said
remote party;

receiving a second ciphertext from said remote party,
sending modulo p to said remote party, and starting a clock;

receiving a third ciphertext and g^y modulo p from said remote
party, stopping the clock, and computing an elapsed time
interval of said clock;

deriving a key k_B from g^y modulo p, computing g^xy modulo p,
deriving a key k_AB from g^xy modulo p, decrypting said second
ciphertext with k_B to recover a second challenge signal from
said remote party, decrypting said third ciphertext to recover
a first response signal from said remote party;

verifying that said elapsed time of the clock is within a
predetermined interval (TL_A, TU_A), where TL_A and TU_A are
positive numbers;

verifying that said second challenge signal is produced by
said remote party;

producing a second response signal of minimum duration T,
encrypting said second response signal with k_AB and sending a
fourth ciphertext to said remote party;

verifying that said first response signal is a response 
produced by said remote party to said first challenge signal; 
and 

generating a key k from g^xy modulo p for secure
communications with said remote party.

76. The method according to claim 75, wherein said challenge 
signals and response signals represent biometrics 
characteristics (such as voice signals) of the producing 
parties.

77. The method according to claim 75, wherein verification
of said first response signal and said second challenge signal 
from said remote party is based on familiarity of remote 
party's biometrics characteristics. Encryption of said 
challenge and response signals is performed using a 
cryptographic commitment function. 

78. The method according to claim 75, where TL_A is t1 + t2 and
TU_A is t1 + t2 + T, with t1 being the duration of said first
challenge signal and t2 being the duration of said first
response signal.
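
Added example, not part of the claims text: a Python simulation of the message flow of claim 75 with the timing window of claim 78, seen from the first party's side. The toy group parameters, the SHA-256 key derivation, the XOR keystream standing in for the symmetric key cryptosystem, the byte-string signals and the simulated clock are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group (assumption, far too small for real use).
P = 2**127 - 1
G = 3

def derive_key(element: int) -> bytes:
    """Derive a symmetric key from a group element (SHA-256 is an assumption)."""
    return hashlib.sha256(element.to_bytes(16, "big")).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def in_window(elapsed: float, t1: float, t2: float, T: float) -> bool:
    """Claim 78 bounds: TL_A = t1 + t2 and TU_A = t1 + t2 + T."""
    return t1 + t2 < elapsed < t1 + t2 + T

def run_exchange(T, t1, t2, channel_delay, extra_delay=0.0):
    """Simulate the claim 75 message flow; the clock is simulated, not measured."""
    challenge_a = b"constructed challenge signal from A"
    challenge_b = b"constructed challenge signal from B"

    # A: random x, g^x, k_A; first ciphertext is sent before g^x is revealed.
    x = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P)
    c1 = stream_xor(derive_key(gx), challenge_a)

    # B: random y, g^y, k_B; second ciphertext carries B's challenge.
    y = secrets.randbelow(P - 2) + 1
    gy = pow(G, y, P)
    c2 = stream_xor(derive_key(gy), challenge_b)

    # A sends g^x and starts the clock. B recovers A's challenge (t1 to take
    # it in), produces a response (t2), and returns it under k_AB with g^y.
    seen_by_b = stream_xor(derive_key(gx), c1)
    k_ab_b = derive_key(pow(gx, y, P))
    c3 = stream_xor(k_ab_b, b"response to " + seen_by_b)
    elapsed = t1 + t2 + channel_delay + extra_delay  # A stops the clock

    # A: k_B from g^y, k_AB from g^xy, then the three verifications.
    k_ab_a = derive_key(pow(gy, x, P))
    return {
        "timing_ok": in_window(elapsed, t1, t2, T),
        "challenge_ok": stream_xor(derive_key(gy), c2) == challenge_b,
        "response_ok": stream_xor(k_ab_a, c3) == b"response to " + challenge_a,
        "keys_match": k_ab_a == k_ab_b,
    }

if __name__ == "__main__":
    print(run_exchange(T=2.0, t1=3.0, t2=3.0, channel_delay=0.2))
    print(run_exchange(T=2.0, t1=3.0, t2=3.0, channel_delay=0.2, extra_delay=2.0))
```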

79. An apparatus for authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said apparatus including: 

means for generating a first challenge signal of minimum 
duration T, where T is a fixed time interval, and it is larger 
than the channel transmission and processing delay; 

means for generating a random number x, computing g^x
modulo p, where g and p are numbers, deriving a key k_A from g^x
modulo p, encrypting said first challenge signal with k_A and a
symmetric key cryptosystem, and sending a first ciphertext to
said remote party;

means for receiving a second ciphertext from said remote
party, sending g^x modulo p to said remote party, and starting a
clock;

means for receiving a third ciphertext and g^y modulo p
from said remote party, stopping the clock, and computing an
elapsed time interval of said clock;

means for deriving a key k_B from g^y modulo p, computing g^xy
modulo p, deriving a key k_AB from modulo p, decrypting said
second ciphertext with k_B to recover a second challenge signal
from said remote party, decrypting said third ciphertext to
recover a first response signal from said remote party;

means for verifying that said elapsed time of the clock
is within a predetermined interval (TL_A, TU_A), where TL_A and TU_A
are positive numbers;

means for verifying that said second challenge signal is
produced by said remote party;

means for producing a second response signal of minimum
duration T, encrypting said second response signal with k_AB and
sending a fourth ciphertext to said remote party;

means for verifying that said first response signal is a 
response produced by said remote party to said first challenge 
signal; and 

means for generating a key k from g^xy modulo p for secure
communications with said remote party.

80. The apparatus according to claim 79, wherein said 
challenge signals and response signals represent biometrics 
characteristics (such as voice signals) of the producing 
parties.

81. The apparatus according to claim 79, wherein verification
of said first response signal and said second challenge signal 
from said remote party is based on familiarity of remote 
party's biometrics characteristics. Encryption of said 
challenge and response signals is performed using a 
cryptographic commitment function. 

82. The apparatus according to claim 79, where TL_A is t1 + t2
and TU_A is t1 + t2 + T, with t1 being the duration of said first
challenge signal and t2 being the duration of said first
response signal.

83. A method of authenticating a remote party and
establishing a cryptographic key for secure communications via 
an insecure communication channel, said method including the 
steps of: 

receiving a first ciphertext from said remote party,
generating a random number y, computing g^y modulo p, where g
and p are numbers;

producing a first challenge signal of minimum duration T, 
where T is a fixed time interval, and it is larger than the 
channel transmission and processing delay; 

deriving a key k_B from g^y modulo p, encrypting said first
challenge signal with k_B and a symmetric key cryptosystem, and
sending a second ciphertext to said remote party;

receiving g^x modulo p from said remote party, deriving a
key k_A from g^x modulo p, decrypting said first ciphertext to
recover a second challenge signal from said remote party;

verifying that said second challenge signal is produced 
by said remote party, producing a first response signal of 
minimum duration T; 

computing g^xy modulo p, deriving a key k_AB from g^xy modulo
p, encrypting said first response signal, sending a third
ciphertext and g^y modulo p to said remote party, and starting a
clock;

receiving a fourth ciphertext, stopping the clock, and 
computing the elapsed time of the clock, and decrypting the 
fourth ciphertext to recover a second response signal from 
said remote party; 

verifying that said elapsed time of said clock is within
a predetermined interval (TL_B, TU_B), where TL_B and TU_B are
positive numbers;

verifying that said second response signal is a response 
produced by said remote party to said first challenge signal; 
and 

generating a key k from g^xy modulo p for secure
communications with the remote party.

84. The method according to claim 83, wherein said challenge 
signals and response signals represent biometrics 
characteristics (such as voice signals) of the producing 
parties.

85. The method according to claim 83, wherein verification of 
said second challenge signal and said second response signal 
from remote party is based on familiarity of remote party's 
biometrics characteristics. Encryption of said challenge and 
response signals is performed using a cryptographic commitment 
function.

86. The method according to claim 83, where TL_B is t3 + t4 and
TU_B is t3 + t4 + T, with t3 being the duration of the first
challenge signal and t4 being the duration of the second
response signal.

87. An apparatus for authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said apparatus including: 

means for receiving a first ciphertext from said remote
party, generating a random number y, computing g^y modulo p,
where g and p are numbers;

means for producing a first challenge signal of minimum
duration T, where T is a fixed time interval and it is larger
than the channel transmission and processing delay;

means for deriving a key k_B from g^y modulo p, encrypting
said first challenge signal with k_B and a symmetric key
cryptosystem, and sending a second ciphertext to said remote
party;

means for receiving g^x modulo p from said remote party,
deriving a key k_A from g^x modulo p, decrypting said first
ciphertext to recover a second challenge signal from said
remote party;

means for verifying that said second challenge signal is 
produced by said remote party, producing a first response 
signal of minimum duration T; 

means for computing g^xy modulo p, deriving a key k_AB from
g^xy modulo p, encrypting said first response signal, sending a
third ciphertext and g^y modulo p to said remote party, and
starting a clock;

means for receiving a fourth ciphertext, stopping the
clock, and computing the elapsed time of the clock, and
decrypting the fourth ciphertext to recover a second response
signal from said remote party;

means for verifying that said elapsed time of said clock
is within a predetermined interval (TL_B, TU_B), where TL_B and TU_B
are positive numbers;

means for verifying that said second response signal is a 
response produced by said remote party to said first challenge 
signal; and 

means for generating a key k from g^xy modulo p for secure
communications with the remote party. 

88. The apparatus according to claim 87, wherein said 
challenge signals and response signals are signals 
representing biometrics characteristics. 

89. The apparatus according to claim 87, wherein verification 
of said second challenge signal and said second response 
signal from remote party is based on familiarity of remote 
party's biometrics characteristics. Encryption of said 
challenge and response signals is performed using a 
cryptographic commitment function. 

90. The apparatus according to claim 87, where TL_B is t3 + t4
and TU_B is + T, with t3 being the duration of the first
challenge signal and t4 being the duration of the second
response signal.

91. A method of authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said method including the 
steps of:

generating a first challenge signal of minimum duration 
T, where T is a fixed time interval, and it is larger than the 
channel transmission and processing delay; 

generating a random number x, computing g^x modulo p, where
g and p are numbers, deriving a key k_A from g^x modulo p,
encrypting said first challenge signal with k_A and a symmetric
key cryptosystem, and sending a first ciphertext to said
remote party;

receiving a second ciphertext, sending g^x modulo p to said
remote party, and starting a clock;

receiving g^y modulo p, computing a key k_B from g^y modulo
p, decrypting the second ciphertext to recover a second
challenge signal from said remote party;

verifying said second challenge statement to ensure that
said second challenge statement is produced by said remote
party, and producing a first response signal of minimum
duration T;

computing g^xy modulo p, deriving a key k_AB from g^xy modulo
p, encrypting said first response signal and sending a third
ciphertext to said remote party;

receiving a fourth ciphertext from said remote party,
stopping said clock, decrypting the fourth ciphertext with k_AB
to recover a second response signal from said remote party;

verifying that said elapsed time of said clock is within
a predetermined interval (tl_A, tu_A), where tl_A and tu_A are
positive numbers;

verifying that said second response signal is a response 
produced by said remote party to said first challenge signal; 
and 

generating a key k from g^xy modulo p for secure
communications with said remote party. 

92. The method according to claim 91, wherein said challenge 
signals and response signals are signals representing 
biometrics characteristics.

93. The method according to claim 91, wherein verification of
said second response signal and said second challenge signal 
from remote party is based on familiarity of remote party's 
biometrics characteristics. Encryption of said challenge and 
response signals is performed using a cryptographic commitment 
function.

94. The method according to claim 91, where tl_A is T1 + T2 and
tu_A is T1 + T2 + T, with T1 being the duration of said first
challenge signal and T2 being the duration of said second
response signal.

95. An apparatus for authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said apparatus including: 

means for generating a first challenge signal of minimum 
duration T, where T is a fixed time interval, and it is larger 
than the channel transmission and processing delay; 

means for generating a random number x, computing g^x
modulo p, where g and p are numbers, deriving a key k_A from g^x
modulo p, encrypting said first challenge signal with k_A and a
symmetric key cryptosystem, and sending a first ciphertext to
said remote party;

means for receiving a second ciphertext, sending g^x modulo
p to said remote party, and starting a clock;

means for receiving g^y modulo p, computing a key k_B from
g^y modulo p, decrypting the second ciphertext to recover a
second challenge signal from said remote party;

means for verifying said second challenge statement to
ensure that said second challenge statement is produced by
said remote party, and producing a first response signal of
minimum duration T;

means for computing g^xy modulo p, deriving a key k_AB from
g^xy modulo p, encrypting said first response signal and sending
a third ciphertext to said remote party;

means for receiving a fourth ciphertext from said remote
party, stopping said clock, decrypting the fourth ciphertext
with k_AB to recover a second response signal from said remote
party;

means for verifying that said elapsed time of said clock
is within a predetermined interval (tl_A, tu_A), where tl_A and tu_A
are positive numbers;

verifying that said second response signal is a response 
produced by said remote party to said first challenge signal; 
and 

means for generating a key k from g^xy modulo p for secure
communications with said remote party.

96. The apparatus according to claim 95, wherein said 
challenge signals and response signals are signals 
representing biometrics characteristics.

97. The apparatus according to claim 95, wherein verification 
of said second response signal and said second challenge 
signal from remote party is based on familiarity of remote 
party's biometrics characteristics. Encryption of said 
challenge and response signals is performed using a 
cryptographic commitment function. 

98. The apparatus according to claim 95, where tl_A is T1 + T2
and tu_A is T1 + T2 + T, with T1 being the duration of said first
challenge signal and T2 being the duration of said second
response signal.

99. A method of authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said method including the
steps of:

receiving a first ciphertext from remote party, generating
a random number y, computing g^y modulo p, where g and p are
numbers;

producing a first challenge signal of minimum duration T,
where T is a fixed time interval, and it is larger than the
channel transmission and processing delay;

deriving a key k_B from g^y modulo p, encrypting said first
challenge signal with k_B and a symmetric key cryptosystem, and
sending a second ciphertext;

receiving g^x modulo p, computing a key k_A from g^x modulo p,
decrypting said first ciphertext to recover a second challenge
signal from remote party, sending g^y to remote party and
starting a clock;

verifying said second challenge statement to make sure 
that said second challenge statement is produced by said 
remote party, and then producing a first response signal of 
minimum duration T; 

computing g^xy modulo p, deriving a key k_AB from g^xy modulo
p, encrypting said first response signal and sending a third
ciphertext to said remote party;

receiving a fourth ciphertext from said remote party,
stopping the clock, decrypting said fourth ciphertext with k_AB
to recover a second response signal from said remote party;

verifying that said elapsed time of the clock is within a
predetermined interval (tl_B, tu_B), where tl_B and tu_B are
positive numbers;

verifying that said second response signal is a response 
produced by said remote party to said first challenge signal; 
and 

generating a key k from g^xy modulo p for secure
communications with the remote party. 

100. The method according to claim 99, wherein said challenge 
signals and response signals are signals representing 
biometrics characteristics.

101. The method according to claim 99, wherein verification of 
said second challenge signal and said second response signal 
from said remote party is based on familiarity of remote 
party's biometrics characteristics. Encryption of said 
challenge and response signals is performed using a 
cryptographic commitment function. 

102. The method according to claim 99, where tl_B is T3 + T4 and
tu_B is T3 + T4 + T, with T3 being the duration of said first
challenge signal and T4 being the duration of said second
response signal.

103. An apparatus for authenticating a remote party and 
establishing a cryptographic key for secure communications via 
an insecure communication channel, said apparatus including: 

means for receiving a first ciphertext from remote party, 
generating a random number y, computing g^ modulo p, where g 
and p are numbers;

means for producing a first challenge signal of minimum
duration T, where T is a fixed time interval, and it is larger
than the channel transmission and processing delay;

means for deriving a key k_B from g^y modulo p, encrypting
said first challenge signal with k_B and a symmetric key
cryptosystem, and sending a second ciphertext;

means for receiving g^x modulo p, computing a key k_A from
g^x modulo p, decrypting said first ciphertext to recover a
second challenge signal from remote party, sending g^y to remote
party and starting a clock;

means for verifying said second challenge statement to 
make sure that said second challenge statement is produced by 
said remote party, and then producing a first response signal 
of minimum duration T; 

means for computing g^xy modulo p, deriving a key k_AB from
g^xy modulo p, encrypting said first response signal and sending
a third ciphertext to said remote party;

means for receiving a fourth ciphertext from said remote
party, stopping the clock, decrypting said fourth ciphertext
with k_AB to recover a second response signal from said remote
party;

means for verifying that said elapsed time of the clock
is within a predetermined interval (tl_B, tu_B), where tl_B and tu_B
are positive numbers;

means for verifying that said second response signal is a 
response produced by said remote party to said first challenge 
signal; and 

means for generating a key k from g^xy modulo p for secure
communications with the remote party.

104. The apparatus according to claim 103, wherein said
challenge signals and response signals are signals
representing biometrics characteristics.

105. The apparatus according to claim 103, wherein 
verification of said second challenge signal and said second 
response signal from said remote party is based on familiarity 
of remote party's biometrics characteristics. Encryption of 
said challenge and response signals is performed using a
cryptographic commitment function.

106. The method according to claim 103, where tl_B is T3 + T4
and tu_B is T3 + T4 + T, with T3 being the duration of said first
challenge signal and T4 being the duration of said second
response signal.